Snyk Validation Integration

Suggest Edits

By combining Snyk SAST and Bright DAST, users can validate their Snyk SAST issues more comprehensively. This approach reduces false positives and improves the reliability of vulnerability assessments, providing a more robust and trustworthy experience.

This is how the Snyk integration works:

  1. The Bright app continuously reviews all Snyk SAST issues.
  2. For each Snyk issue, the integration identifies a separate test.
  3. A list of tests is collected for each project.
  4. The Bright app runs selected tests and provides a list of validated issues.
  5. Each Bright issue is linked with a corresponding Snyk SAST issue.

Prerequisites

  • Created Project in Snyk using Service account
  • Obtained Snyk organization ID and API key (token)

Step-by-step guide

  1. Open the Organization tabIntegration section
  2. Select the SnykSettings
  3. Provide Snyk organization ID and organization API key and click Connect
  4. Create a project and select permissions
  5. Open the Project pageSettingsAdd integration
  6. Select a Snyk project, associate a repository and click Save

👍

Important:

One Bright project can be connected with one Snyk project only. For more integrations new projects should be created.

  1. Open a Scans tab → Create a new scan, select the project created earlier and click Start Scan

Snyk project contains a list of tests to perform, manual test selection in the Bright web app is unavailable.

How to review performed tests

To see the test list, provided by Snyk project, do the following:

  • Open a Scans tab → select the scan
  • Open a Configuration tab and scroll down to Tests to run

Scan results

After the tests are completed, a scan page will display a list of issues found. This short-list of vulnerability issues have been tested and validated by Bright based on Snyk scan issues.

To open a Snyk issue connected to Bright scan, do the following:

  1. Open a Scan Details page → Select an issue
  2. Open an Additional info tab. Snyk project, connected to the Bright issue, is placed in External issue services URL section.

Updated about 2 months ago